This Privacy Notice is applicable to all services managed by the Newcastle upon Tyne Hospitals NHS Foundation Trust and explains:
- what we do with personal information we collect about you
- how we store this information
- how long we retain it
- who we may share it with
- for which legal purpose we may share it
Under data protection law we are legally required to explain how we use your information in a way that is:
- concise and easy to understand
- transparent
- easily accessible – written in clear, plain language, particularly if addressed to a child
- free of charge
Data protection law says the personal information we hold about you must be:
- used lawfully, fairly and in a transparent way
- collected only for valid purposes that we have clearly explained to you and not used in any
- way that is incompatible with those purposes
- relevant to the purposes we have told you about and limited only to those purposes
- accurate and kept up to date
- kept securely and only as long as necessary for the purposes we have told you about
General Data Protection Regulations Statement
The Newcastle upon Tyne Hospitals NHS Foundation Trust is a ‘Data Controller’ under the European General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018.
This means that we are legally responsible for ensuring that all personal data we hold and use is done so in a manner that meets the current and future data protection principles.
We must notify the Information Commissioner about all our data processing activities.
Our Data Processing registration number is Z6173332.
How we store and process your personal information
To see how we store and process data about you, please see the following webpages:
Links to:
Newcastle Hospitals – Privacy notice for patients
Newcastle Hospitals – Privacy notice for children and young people
Newcastle Hospitals – Privacy notice for staff
Changes to this privacy notice
We reserve the right to update this privacy notice at any time. We will notify you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Definitions
GDPR
“GDPR” means the General Data Protection Regulation (2016/679).
Personal data
“Personal data” means information relating to a natural (living) person or “data subject”, which can be used to identify the person. This provides for a wide range of information to constitute personal data, for example:
- Name
- Identification number
- Social media posts
- Location data
- Online identifier
Special category of personal data
“Special category of personal data” means information which is thought to be “extra sensitive”, such as ethnicity, data concerning health, biometric data, sexual orientation and religious or philosophical belief.
Data controller
“Data controller” means the organisation that determines or decides the purposes, conditions and means of the processing of personal data.
Processing
“Processing” means anything that is done to the personal data we hold.
Pseudonymisation
“Pseudonymisation” is the processing of personal data in such a way that the data can no longer be attributed to a specific person without the use of additional information (key).
Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under data protection and freedom of information legislation. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the ICO.
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow Cheshire, SK9 5AF
National Rate
Local Rate
Website Privacy Notice
Our website privacy notice is available on our website.
Privacy notice